GHSA-xx7v-hqxh-cjr9

Source

https://github.com/advisories/GHSA-xx7v-hqxh-cjr9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-xx7v-hqxh-cjr9/GHSA-xx7v-hqxh-cjr9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xx7v-hqxh-cjr9

Aliases

CVE-2025-64775

Published

2025-12-01T18:30:38Z

Modified

2025-12-03T14:28:55.895614Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Apache Struts is Vulnerable to DoS via File Leak

Details

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-459"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2025-12-01T16:15:56Z",
    "github_reviewed_at": "2025-12-03T13:56:53Z"
}

References

Affected packages

Maven

org.apache.struts:struts2-core

Package

Name: org.apache.struts:struts2-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.8.0

Affected versions

6.*

6.0.0

6.0.3

6.1.1

6.1.2

6.1.2.1

6.1.2.2

6.2.0

6.3.0

6.3.0.1

6.3.0.2

6.4.0

6.6.0

6.6.1

6.7.0

6.7.4

org.apache.struts:struts2-core

Package

Name: org.apache.struts:struts2-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.1.1

Affected versions

7.*

7.0.0

7.0.3

org.apache.struts:struts2-core

Package

Name: org.apache.struts:struts2-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Last affected

2.3.37

Affected versions

2.*

2.0.5

2.0.6

2.0.8

2.0.9

2.0.11

2.0.11.1

2.0.11.2

2.0.12

2.0.14

2.1.2

2.1.6

2.1.8

2.1.8.1

2.2.1

2.2.1.1

2.2.3

2.2.3.1

2.3.1

2.3.1.1

2.3.1.2

2.3.3

2.3.4

2.3.4.1

2.3.7

2.3.8

2.3.12

2.3.14

2.3.14.1

2.3.14.2

2.3.14.3

2.3.15

2.3.15.1

2.3.15.2

2.3.15.3

2.3.16

2.3.16.1

2.3.16.2

2.3.16.3

2.3.20

2.3.20.1

2.3.20.3

2.3.24

2.3.24.1

2.3.24.3

2.3.28

2.3.28.1

2.3.29

2.3.30

2.3.31

2.3.32

2.3.33

2.3.34

2.3.35

2.3.36

2.3.37

org.apache.struts:struts2-core

Package

Name: org.apache.struts:struts2-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.5.0

Last affected

2.5.33

Affected versions

2.*

2.5

2.5.1

2.5.2

2.5.5

2.5.8

2.5.10

2.5.10.1

2.5.12

2.5.13

2.5.14

2.5.14.1

2.5.16

2.5.17

2.5.18

2.5.20

2.5.22

2.5.25

2.5.26

2.5.27

2.5.28

2.5.28.1

2.5.28.2

2.5.28.3

2.5.29

2.5.30

2.5.31

2.5.32

2.5.33